Team SHATTER Security Advisory - Oracle Database Server versions 10gR2, 11gR1 and 11gR2 suffer from a session id extraction vulnerability.
eef562c85e54780f81de814c641965c168f2e9b2b4076a28c77c679bc80f39a5
Team SHATTER Security Advisory - The Oracle Database Vault Administrator web console lacks any sort of cross site request forgery protection.
013e587bb10c3bf7704f61efe60bbec7cc861cbd1561e4b1b1c66e862db60f5a
Team SHATTER Security Advisory - It is possible to execute arbitrary operating system commands as localsystem when certain maintenance tasks are executed, for instance when Database Configuration Assistant is invoked or Oracle Universal Installer is used to modify features. These tools use a Windows service to execute various commands, and the service itself relies on a named pipe to receive the commands. The pipe handling is not secure enough, resulting in the vulnerability.
917ec70d2616d1daa738ea18642a5db3ecb8441d150203729a61d9b856e59d94
SplashID version 5.5 for iPhone and SplashID Lite version 4.6 for iPhone suffer from a password caching issue that allows for the unlock of a database.
ec6b57aa6e683a71fbf1167e12b5e12051596351add155441985e7dc5ecb4e06
Gentoo Linux Security Advisory 201101-9 - Multiple vulnerabilities in Adobe Flash Player might allow remote attackers to execute arbitrary code or cause a Denial of Service. Versions less than 10.1.102.64 are affected.
c6cdc7639bd5039788276ccd46124edec6556cdbe06393e2fee124c513405ba0
Gentoo Linux Security Advisory 201101-8 - Multiple vulnerabilities in Adobe Reader might result in the execution of arbitrary code. Versions less than 9.4.1 are affected.
7edaf454bc5bfef5fc2ef98234ed5a05063803841e2155e4923cebad9ad09ace
Mandriva Linux Security Advisory 2011-018 - A patch for parse.c in sudo does not properly interpret a system group in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression. check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.
d8fd379e68953f4a687be7bb6ecff5da28e252ae6870a740003011ee2ac4751e
Mandriva Linux Security Advisory 2011-017 - It was discovered that tetex suffered from the same vulnerability as previously addressed in Evince with MDVSA-2011:005. As a precaution tetex has been patched to address this flaw.
e9ce1cb956381283faee9dea18cfb7473ce35d4ecff0d10df3d957c01cf1366f
Mandriva Linux Security Advisory 2011-016 - It was discovered that t1lib suffered from the same vulnerability as previously addressed in Evince with MDVSA-2011:005. As a precaution t1lib has been patched to address this flaw.
4b2bea635449b5c844cab0983e16844ae7c387e11040b308523a9d29955b3fba
HP Security Bulletin HPSBMA02622 SSRT100342 - A potential security vulnerability has been identified with HP Business Availability Center (BAC) and Business Service Management (BSM). The vulnerability could be remotely exploited to allow Cross Site Scripting (XSS). Revision 1 of this advisory.
1be4a4ac638301e6515aeb5fed48c9dbdd6cfb6824e44551141dd08e12cb15de
HP Security Bulletin HPSBUX02623 SSRT100355 - Potential security vulnerabilities have been identified on HP-UX running Kerberos. These vulnerabilities could be exploited remotely by an unauthorized user to modify data, prompts, or responses. Revision 1 of this advisory.
ca37343919cb6c61d84b03811584ab2585bc29f680b21c684e58134373eec5f4
Look N Stop versions 2.06p4 and 2.07 local denial of service exploit.
38366e3de589fd2ef7d0ec4b3ceb59baa2eb4193fea0063403232b046f8805fc
Panda Global Protection 2010 version 3.01.00 local denial of service exploit with unfiltered wcscpy().
b8f8034fca9b425d000da23154d615714b60bd552ae1581119719913e9f55e64
Panda Global Protection 2010 version 3.01.00 local denial of service exploit.
002177a31b3e4110ef699bede0043feb3ba0b836255f7f83f4d651e70937a580
PHP Lowbids suffers from a remote blind SQL injection vulnerability.
35f6cef618b747815b2c64e0d6175a6d68f3651bd8c0419eb7e6a3245555d373
Malmon is a real-time exploit/backdoor detection tool for Linux that audits the integrity of files in a given directory.
d5dd56f761d0cdd8088afc2459b6355673102f394d9f5f7aa0f74876cbcf1afa
RFC6056 has been released and is titled Recommendations for Transport-Protocol Port Randomization.
2d899269f777944a49b7bcd5373a53284b4b6425a5e957bee90959e976ad26bb
RIM has released a patch to address the denial of service vulnerability discovered by TEHTRI-Security in BlackBerry devices.
663fa36925d22e162d930f155d3fb9489283e35bc81b821489b43a4d6ab2ef96
R-U-Dead-Yet is a universal DoS attack tool written in Python. It will attack all and any web applications / servers. It runs either in unattended mode using a configuration file or in an interactive auto-discover-web-forms mode.
e9dbd25e93a96deead6d457fea311264726fcd2e8c1c46a1ac23a3359fa8f491
Secunia Security Advisory - A vulnerability has been reported in Citrix Provisioning Services, which can be exploited by malicious people to compromise a vulnerable system.
b4314624ed63197d2a9b8ff088640fb9851a8b3972cf7b62229b2758b070191c
Secunia Security Advisory - A vulnerability has been reported in Oracle Outside In Technology, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
cb61dd6f00e9509cc53cc7fd9264ffe0f3465b26c6cc9e4ce7a6912b7266ef4e
Secunia Security Advisory - Debian has issued an update for dbus. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
0247e53ce1b77e8b303cf36129e1e856e3141718ab85f81600a0dde4c83a5406
Secunia Security Advisory - A vulnerability has been reported in Iconfidant SSL, which can be exploited by malicious people to compromise a vulnerable system.
6018cfe81daa57bf7b2990373d6da633e3935f46d431f3c72ca50dbbad47d714
Secunia Security Advisory - A vulnerability has been reported in Phpcms 2008, which can be exploited by malicious people to conduct SQL injection attacks.
f8142114efbe3bb01751edf99df2f45f900f93b174195040b9a0f3b26c65d0b6
Secunia Security Advisory - Red Hat has issued an update for libuser. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.
2b55ce60206d34aafa80dde1db6b5ba0fb732d5864e890e502cee2f57c7d226e